{ }: {
  meta.description = ''
    The Online Certificate Status Protocol is used to distrust revoked certificates.
    When a new TLS connection is established, and OCSP stapling is not used, the browser checks with the
    responsible certificate authority whether the received certificate is still valid.
    It should not be disabled for security-sensitive situations, but it may be disabled for privacy reasons.
  '';

  enabled.preferences = {
    security.OCSP = {
      enabled = 1;
      # OCSP is useless, if the response is not mandatory
      require = true;
    };

    security.ssl = {
      enable_ocsp_stapling = true;
      enable_ocsp_must_staple = true;
    };
  };

  disabled.preferences = {
    security.OCSP.enabled = 0;
  };
}